Merge pull request #3144 from matthewbauer/fix-sandbox-fallback

Fix sandbox fallback settings
This commit is contained in:
Eelco Dolstra 2019-11-26 20:51:52 +01:00 committed by GitHub
commit 7c8d7c17f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -939,6 +939,9 @@ private:
/* Fill in the environment for the builder. */ /* Fill in the environment for the builder. */
void initEnv(); void initEnv();
/* Setup tmp dir location. */
void initTmpDir();
/* Write a JSON file containing the derivation attributes. */ /* Write a JSON file containing the derivation attributes. */
void writeStructuredAttrs(); void writeStructuredAttrs();
@ -1956,13 +1959,6 @@ void DerivationGoal::startBuilder()
auto drvName = storePathToName(drvPath); auto drvName = storePathToName(drvPath);
tmpDir = createTempDir("", "nix-build-" + drvName, false, false, 0700); tmpDir = createTempDir("", "nix-build-" + drvName, false, false, 0700);
/* In a sandbox, for determinism, always use the same temporary
directory. */
#if __linux__
tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
#else
tmpDirInSandbox = tmpDir;
#endif
chownToBuilder(tmpDir); chownToBuilder(tmpDir);
/* Substitute output placeholders with the actual output paths. */ /* Substitute output placeholders with the actual output paths. */
@ -2366,7 +2362,7 @@ void DerivationGoal::startBuilder()
int res = helper.wait(); int res = helper.wait();
if (res != 0 && settings.sandboxFallback) { if (res != 0 && settings.sandboxFallback) {
useChroot = false; useChroot = false;
tmpDirInSandbox = tmpDir; initTmpDir();
goto fallback; goto fallback;
} else if (res != 0) } else if (res != 0)
throw Error("unable to start build process"); throw Error("unable to start build process");
@ -2422,31 +2418,14 @@ void DerivationGoal::startBuilder()
} }
void DerivationGoal::initEnv() void DerivationGoal::initTmpDir() {
{ /* In a sandbox, for determinism, always use the same temporary
env.clear(); directory. */
#if __linux__
/* Most shells initialise PATH to some default (/bin:/usr/bin:...) when tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
PATH is not set. We don't want this, so we fill it in with some dummy #else
value. */ tmpDirInSandbox = tmpDir;
env["PATH"] = "/path-not-set"; #endif
/* Set HOME to a non-existing path to prevent certain programs from using
/etc/passwd (or NIS, or whatever) to locate the home directory (for
example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd
if HOME is not set, but they will just assume that the settings file
they are looking for does not exist if HOME is set but points to some
non-existing path. */
env["HOME"] = homeDir;
/* Tell the builder where the Nix store is. Usually they
shouldn't care, but this is useful for purity checking (e.g.,
the compiler or linker might only want to accept paths to files
in the store or in the build directory). */
env["NIX_STORE"] = worker.store.storeDir;
/* The maximum number of cores to utilize for parallel building. */
env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
/* In non-structured mode, add all bindings specified in the /* In non-structured mode, add all bindings specified in the
derivation via the environment, except those listed in the derivation via the environment, except those listed in the
@ -2485,6 +2464,35 @@ void DerivationGoal::initEnv()
inode of the current directory doesn't appear in .. (because inode of the current directory doesn't appear in .. (because
getdents returns the inode of the mount point). */ getdents returns the inode of the mount point). */
env["PWD"] = tmpDirInSandbox; env["PWD"] = tmpDirInSandbox;
}
void DerivationGoal::initEnv()
{
env.clear();
/* Most shells initialise PATH to some default (/bin:/usr/bin:...) when
PATH is not set. We don't want this, so we fill it in with some dummy
value. */
env["PATH"] = "/path-not-set";
/* Set HOME to a non-existing path to prevent certain programs from using
/etc/passwd (or NIS, or whatever) to locate the home directory (for
example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd
if HOME is not set, but they will just assume that the settings file
they are looking for does not exist if HOME is set but points to some
non-existing path. */
env["HOME"] = homeDir;
/* Tell the builder where the Nix store is. Usually they
shouldn't care, but this is useful for purity checking (e.g.,
the compiler or linker might only want to accept paths to files
in the store or in the build directory). */
env["NIX_STORE"] = worker.store.storeDir;
/* The maximum number of cores to utilize for parallel building. */
env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str();
initTmpDir();
/* Compatibility hack with Nix <= 0.7: if this is a fixed-output /* Compatibility hack with Nix <= 0.7: if this is a fixed-output
derivation, tell the builder, so that for instance `fetchurl' derivation, tell the builder, so that for instance `fetchurl'